Ongoing Stayin' Alive Attacks Target Asian Telecoms and Governments
ToddyCat, an advanced persistent threat (APT) actor, has been linked to a new set of malicious tools for data exfiltration, revealing insights into their tactics and capabilities. Kaspersky discovered this new arsenal, which includes loaders, a file collection tool, a Dropbox uploader, and an archive exfiltration tool. ToddyCat also utilizes custom scripts, a passive backdoor, Cobalt Strike, and compromised credentials for lateral movement. Check Point has revealed that government and telecom entities in Asia have been targeted by a similar campaign using "disposable" malware, with infrastructure overlapping with ToddyCat's operations.